gwt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's PR review workflow in SKILL.md explicitly tells the agent to run gh pr view <url-or-number> to extract branch names from user-provided PR URLs/numbers, so it fetches and interprets user-generated GitHub PR content (a public third-party source) that directly determines commands the agent will run.